From gotrino-assistant
Surface dependency debt — outdated packages, abandoned/deprecated libs, unused deps, version drift across manifests. Static analysis only (no package manager calls). Use before upgrades, audits, or when planning tech renewal.
Slash command
/gotrino-assistant:dep-debt
This skill is limited to the following tools:
Surface dependency debt and point at the packages most likely to bite.
"Which dependencies will bite us, and when?"
Every dependency is a bet: that it'll keep working, stay maintained, not have vulnerabilities. Old bets decay. Some libs went abandoned years ago; some pinned versions missed a major release; some packages are installed and imported nowhere. Dep-debt is the audit of those bets.
Not a replacement for npm audit / pip-audit. This skill reads manifests statically and spots patterns. For vulnerability scans, use the ecosystem tool — this skill tells you where to look.
User may specify a directory. Default: project root. For monorepos, scan all manifests found.
Follow references/config-migration.md for preflight.
Read .assistant-config.md for:
Glob for all supported manifests (see references/dep-debt-manifests.md). In a monorepo, expect multiple.
List all manifests found. Read each. Note declared deps, versions, lockfile presence.
import/require/from X import. If no match, flag as "appears unused; verify build scripts".
Organize findings per manifest file. A monorepo with three packages should produce three location groups, not one flat list.
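The static import check described above, sketched for an npm package.json. This is an added example, not the skill's own code: the function names, the "scripts-only" label and the sample manifest and sources are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample input (not from any real project).
SAMPLE_MANIFEST = """{
  "name": "demo-app",
  "scripts": {"lint": "eslint src", "build": "tsc -p ."},
  "dependencies": {"express": "^4.18.0", "lodash": "^4.17.21", "left-pad": "1.3.0"},
  "devDependencies": {"eslint": "^8.0.0", "typescript": "^5.0.0", "@types/node": "^20.0.0"}
}"""
SAMPLE_SOURCES = {
    "src/server.js": "const express = require('express');\nimport merge from \"lodash/merge\";\n",
    "src/util.ts": "import type { Server } from 'node:http';\n// TODO: drop left-pad\n",
}


def import_pattern(pkg):
    """Match require('pkg'), import 'pkg', from 'pkg' and 'pkg/subpath' forms."""
    quoted = r"""['"]""" + re.escape(pkg) + r"""(?:/[^'"]*)?['"]"""
    return re.compile(r"(?:\brequire\s*\(\s*|\bimport\s*\(?\s*|\bfrom\s+)" + quoted)


def classify(manifest_text, sources):
    """Return {package: 'imported' | 'scripts-only' | 'appears unused'}."""
    manifest = json.loads(manifest_text)
    scripts = " ".join(manifest.get("scripts", {}).values())
    result = {}
    for section in ("dependencies", "devDependencies"):
        for pkg in manifest.get(section, {}):
            pat = import_pattern(pkg)
            if any(pat.search(text) for text in sources.values()):
                result[pkg] = "imported"
            # Name appears as a command in package.json scripts, not in code.
            elif re.search(r"(?<![\w@/-])" + re.escape(pkg) + r"(?![\w/-])", scripts):
                result[pkg] = "scripts-only"
            else:
                # Static match only: typescript (run as tsc) and @types/*
                # land here too, hence "verify build scripts" before removing.
                result[pkg] = "appears unused"
    return result


if __name__ == "__main__":
    for pkg, status in classify(SAMPLE_MANIFEST, SAMPLE_SOURCES).items():
        print(f"{pkg:14} {status}")
```

On the sample, left-pad is a true positive (mentioned only in a comment), while typescript and @types/node are flagged despite being in use, which is why the finding is worded "appears unused" and not "unused".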
references/dep-debt-manifests.md
references/debt-output-format.md
references/config-migration.md
Follow references/debt-output-format.md exactly.
npm outdated lists versions. This skill tells you which version drift actually matters — lodash three minor versions behind is unlikely to bite; request being abandoned for four years is a landmine. Judgment on top of data.
npx claudepluginhub hereinthehive/gotrino-assistant --plugin gotrino-assistant